<?php 
// function dbconnect(){ 
//     $db = mysql_connect("localhost", "root", "") 
//     or die("Could not connect: ".mysql_error()); 
  
//     mysql_select_db("auto_news", $db) 
//     or die("Could not find database: ".mysql_error()); 
  
//     return $db; 
// } 

class DBConnect { //connection as a class

	private $conn;

	function __construct(){
		$this->conn = mysql_connect("localhost", "root", "") or die("Could not connect: " .mysql_error());
		mysql_select_db("auto_news", $this->conn) or die("Could not find database: " .mysql_error());
	}
	
	function connect()
	{
		return $this->conn;
	}
}

class News
{
	public $title;
	public $body;
	public $date;
	public $author;
	
	function __construct($title, $body, $date, $author)
	{
		$this->title = $title;
		$this->body = $body;
		$this->date = $date;
		$this->author = $author;
	}
}

function uploadArticle(){  
    $article = new News($_POST['title'], $_POST['body'], date("Y-m-d", strtotime($_POST['date'])), $_POST['author']);
    $url = $_POST['imgurl']; 
    $capt = $_POST['imgcapt'];
    if(($_POST['title'] != "" && $_POST['body'] != "" && $_POST['date'] != "" && $_POST['author'] != "" && $url != "" && $capt != "") && 
            ($_POST['title'] != " " && $_POST['body'] != " " && $_POST['date'] != " " && $_POST['author'] != " " && $url != " " && $capt != " ")) 
    { 
    	
        putIntoDatabase($article, $url, $capt); 
    } 
    else
    { 
        echo "<br /><br /><p style='color: red; width: 145px; border: 2px dashed #dedede; font-weight: bold;'>Please fill all fields!<p></p>"; 
    } 
} 
  
function putIntoDatabase($article, $imageurl, $imagecapt)
{
	$conn = new DBConnect();
    $dbRecords = mysql_query("INSERT INTO NEWS (NEWS_TITLE, NEWS_BODY, NEWS_DATE, NEWS_AUTOR) VALUES 
            ('$article->title','$article->body','$article->date','$article->author')",  $conn->connect()) 
            or die ("Problem reading table: ".mysql_error()); 
      
    $res = mysql_query("SELECT MAX(ID) FROM NEWS",  $conn->connect()) 
    or die ("Problem reading table: ".mysql_error()); 
      
    $newsId = mysql_result($res,0); 
      
    for($i = 0; $i < count($imageurl); $i++) 
    { 
        $dbRecords2 = mysql_query("INSERT INTO IMAGES (IMAGE_PATH, IMAGE_TITLE, NEWS_ID_FK) VALUES 
            ('$imageurl[$i]','$imagecapt[$i]', '$newsId')", $conn->connect()) 
            or die ("Problem reading table: ".mysql_error()); 
    } 
    echo "<br /><br/><p style='width: 424px; border: 2px dashed #dedede; font-weight: bold;'>The article has been successfully added to the database!</p>"; 
 } 
   
function createUser($username, $passwowrd, $email, $bday, $fname, $lname) 
 { 
 		$conn = new DBConnect();
        $dbRecords = mysql_query("INSERT INTO USERS (USERNAME, PASSWORD, EMAIL, BIRTH_DATE, FIRST_NAME, LAST_NAME, ROLE_ID) 
                VALUES('$username', '$passwowrd', '$email', '$bday', '$fname', '$lname', '1')", $conn->connect()) 
        or die ('<script>document.getElementById("passValid").innerHTML = "The username already exists!";</script>'); 
 } 

function isUserExists($username, $password){
 		$conn = new DBConnect();
 		$query = mysql_query("SELECT EXISTS(SELECT 1 FROM USERS WHERE USERNAME = '$username')", $conn->connect())
 				or die ("Problem reading table: ".mysql_error()); 
 		$isUserExists = mysql_result($query, 0);
 		if($isUserExists)
 		{
 			$messages='';
 			$query2 = mysql_query("SELECT PASSWORD FROM USERS WHERE USERNAME = '$username'", $conn->connect())
 				or die ("Problem reading table: ".mysql_error()); 
 			$userpass = mysql_result($query2, 0);
 			if($userpass == $password)
 			{
 				return true;
 			}
 			elseif ($password == '')
 			{
 				echo "<div class='message'>Please enter password!</div>";
 			}
 			else
 			{
 				echo "<div class='message'>Wrong password!</div>";
 			}
 		}
 		else {
 			echo "<div class='message'>No such user!</div>";
 		}
 }
?>